Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Utilities Framework Security Vulnerabilities - 2020

cve
cve

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS

9.2AI Score

0.007EPSS

2020-05-01 07:15 PM
398
4
cve
cve

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS

6.9AI Score

0.002EPSS

2020-10-01 08:15 PM
237
3
cve
cve

CVE-2020-14895

Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacke...

5.4CVSS

5.1AI Score

0.001EPSS

2020-10-21 03:15 PM
22
cve
cve

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tr...

6.3CVSS

6.8AI Score

0.001EPSS

2020-05-14 04:15 PM
365
5
cve
cve

CVE-2020-2555

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 ...

9.8CVSS

9.1AI Score

0.97EPSS

2020-01-15 05:15 PM
1070
In Wild
3
cve
cve

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

7.5CVSS

7.3AI Score

0.003EPSS

2020-12-03 05:15 PM
300
17
cve
cve

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

8.1CVSS

7.7AI Score

0.004EPSS

2020-12-18 01:15 AM
273
13
cve
cve

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

3.7CVSS

6AI Score

0.002EPSS

2020-04-27 04:15 PM
307
17